SolidFire and HCI

SolidFire cluster secure erase

TS2022
2,774 Views

Hi, we in the process of retiring a SolidFire cluster and I am trying to figure out the commands to securely wipe the entire cluster.  I see how to secure erase drives, but not sure the process for doing the entire array.  We are on Element OS 11.1.  Thanks.

1 ACCEPTED SOLUTION

RossC
2,753 Views

Hi @TS2022 

 

This KB article might be helpful to you - https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Element_Software/How_to_wipe_and_rebuild_an_Element_cluster

 

Basically the article is just advising to RTFI each node in the cluster. There is a "return to factory" capability but it was implemented in Element 12.0. 

 

So basically, download Element RTFI image from our Support Site, mount via iDRAC/IPMI (or USB) and RTFI each node. This will wipe configuration, disks etc as part of the process.

 

Hope this helps. 

View solution in original post

4 REPLIES 4

RossC
2,754 Views

Hi @TS2022 

 

This KB article might be helpful to you - https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Element_Software/How_to_wipe_and_rebuild_an_Element_cluster

 

Basically the article is just advising to RTFI each node in the cluster. There is a "return to factory" capability but it was implemented in Element 12.0. 

 

So basically, download Element RTFI image from our Support Site, mount via iDRAC/IPMI (or USB) and RTFI each node. This will wipe configuration, disks etc as part of the process.

 

Hope this helps. 

elementx
2,735 Views

To add some tips not in the KB:

 

- As you use Element ISO to RTFI a node, you'll see that one of the steps involves (S)ATA Secure Erase commands. That's what securely wipes metadata and data disks used by SolidFire in seconds. If you're paranoid, you can watch the console until past this step to verify this worked properly. SolidFire cluster encrypts drives using own or external key, so once the cluster is destroyed, I don't think anyone can get to the data in any case, but RTFI makes double sure of that

- OS boot disk will be reformatted by RTFI, but not erased in the same, secure fashion. Generally there's nothing confidential on reformatted boot disk (if you could recover those files, you'd find the usual - OS IPs, DNS IP, maybe some encrypted creds, etc), but you could load another (generic Linux) ISO after RTFI and overwrite that boot disk one or more times. I'm not sure if OS boot disk uses LUKS, in which case that would be unnecessary, but I think it doesn't.

TS2022
2,607 Views

Thanks for the info...everything has been RTFI'd except for one H610s storage node.  Once it starts to boot off the USB drive, it boots ember up until the SolidFire graphic appears and then just hangs.  Any advice for this?

Thanks.

elementx
2,593 Views

Approach 1) try some of the KBs with "RTFI fails"

Examples:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Element_Software/RTFI_fails_on_H610S_with_UnhandledError_pid%3D1_cmd%3Dcp-f_%22...

https://kb.netapp.com/Advice_and_Troubleshooting/Hybrid_Cloud_Infrastructure/H_Series/RTFI_fails_on_H610S_with_'NVDIMMs_are_not_armed'

 

Approach 2) contact Support

 

Approach 3) I'm not 100% sure if this would work with NVMe disks that H610S has, but it seems newer Linux has the utility so load any Live ISO and nuke the NVMe disks. There's a Wiki for the CLI here:  https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase. Or, depending on whether that's considered acceptable or not, format NVMe disks and and do several overwrite cycles.

 

Public